Information Security News mailing list archives

Re: Criminal conduct and "cryptography." (Adobe vs. Sklyarov)
From: Eric Rescorla <ekr () speedy rtfm com>
Date: 18 Jul 2001 14:54:33 -0700

"Jay D. Dyson" <jdyson () treachery net> writes:
> As Weld Pond of @stake (formerly the l0pht) has noted, the dire
> predictions made on the quality of digital content protection in the
> age of DMCA have come to fruition.  Where there could have been honest and
> accurate peer review, we now have little but more snake oil being pawned
> off as "secure."
>
> To review Sklyarov's presentation on how trivial it is to bust
> Adobe's "encryption," please see the following URL:
>
>
> Take a look at the findings there.  You will be amazed as well as
> sickened that any self-respecting company could call this tripe
>
> It's a sad day when it's cheaper to make a shoddy product and rely
> on law enforcement to protect your product than it is to make a decent
> product in the first place.  Bottom line is thus: all of us -- regardless
> of whether we use Adobe's products -- are now paying fees (taxes) to
> assure that their product is protected.

It seems to me that the quality of the encryption is a side issue
in this case.

In general, DRM systems of this type need to be concerned with
two classes of attacks:
(1) content recovery by unauthorized users (i.e. random individuals
who get access to the encrypted content)
(2) content recovery by authorized users (i.e. people who are 
authorized to view the content in some authorized device but
not to extract the raw plaintext, etc.)

The quality of the encryption being used only applies to attackers
of type (1) since attackers who have the key will be able to recover
the plaintext no matter what the encryption algorithm is, provided
that they know the algorithm. It's not in principle any more difficult
to reverse engineer a binary implementing a strong algorithm than one
implementing a weak one.

As far as I can tell, ElcomSoft's decryption utility requires the
user to input the password. Therefore it would only be of use
to attackers in class (2). While the encryption is admittedly bad,
the situation wouldn't be any better from Adobe's perspective
if the encryption were good.

Similar comments apply to CSS--although it uses a weak algorithm
which could in principle be exhaustively searched, this isn't necessary
since a key has been recovered by reverse engineering an authorized

Why bother to make this distinction? Because eventually we'll run
into a DRM system which uses a strong encryption algorithm. It will
still be breakable since we don't know how to protect against attackers
of class (2) but we won't be able to say "hey, these losers are
using ROT13". We might as well start fighting that battle because
we'll need to soon enough in any case.


ISN is hosted by SecurityFocus.com